Kopeechka is a hacking tool that has been active since the beginning of 2019. It is used by cybercriminals to flood online platforms with fake social media accounts [1] [2]. This tool automates the creation of numerous accounts in just a few seconds [2], allowing for the quick generation of fake accounts on popular social media platforms such as Facebook, X (formerly Twitter) [6], Discord [3] [6], Telegram [3] [6], and Roblox [3] [6].


Kopeechka provides two types of email addresses for mass-registration [1] [2] [5], including domains owned by the threat actor and popular email hosting services [1] [2] [5]. However, it does not provide access to the actual mailboxes [2]. These email addresses are suspected to be either compromised or created by the Kopeechka actors themselves [2] [5]. Additionally, Kopeechka offers access to 16 different online SMS services for phone number verification [5]. It even allows registration on chat sites for minors. The tool is named after the Russian word for “Little Penny” and is sold on criminal online marketplaces [6]. It contributes to the professionalization of the criminal ecosystem and adds anonymity to cybercriminal activities [1] [5]. Given the close ties between Russophone criminal gangs and Russian intelligence and security services [6], Kopeechka may also be used in state-sponsored attacks [6].


Kopeechka [1] [2] [3] [4] [5] [6], as a hacking tool [1] [2] [3] [6], poses significant threats to online platforms and users. It enables cybercriminals to create fake social media accounts quickly [3], bypassing email and phone verification [3]. This allows them to carry out disinformation campaigns, spread spam [3], and distribute malware [3]. The tool’s availability on criminal online marketplaces contributes to the professionalization of cybercriminal activities and adds anonymity to their actions. Furthermore, the potential ties between Russophone criminal gangs and Russian intelligence and security services raise concerns about the tool being used in state-sponsored attacks. It is crucial for platforms and security experts to be aware of Kopeechka’s capabilities and take appropriate measures to mitigate its impact. Additionally, ongoing research and collaboration are necessary to stay ahead of evolving cyber threats and protect online platforms and users from the misuse of tools like Kopeechka.


[1] https://thehackernews.com/2023/11/dns-abuse-exposes-prolific-pumas.html
[2] https://vulners.com/thn/THN:11CFE93758A62E7CC8FE1A2B51F6B0B1
[3] https://www.altusintel.com/public-yywm0h/
[4] https://cybersecuritynews.com/russian-hacking-tool-social-media/
[5] https://patabook.com/technology/2023/11/01/researchers-expose-prolific-pumas-underground-link-shortening-service/
[6] https://thecyberwire.com/podcasts/daily-podcast/1938/transcript